Manoel Zaninetti

**Name of the Vulnerable Software and Affected Versions** SquirrelMail versions prior to 1.4.4 **Description** The issue allows remote attackers to execute arbitrary PHP code by modifying a URL parameter to reference a URL on a remote web server that contains the code. This is related to a remote file inclusion vulnerability in the webmail.php file. **Recommendations** For versions prior to 1.4.4, update to version 1.4.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the webmail.php file to minimize the risk of exploitation.